What Are You Looking For?

Sign Up

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  pidgin (SSA:2010-024-03)

New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0,
and -current to fix a security issue.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013


Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/pidgin-2.6.5-i486-1_slack13.0.txz :  Upgraded.
  This fixes a directory traversal vulnerability in Pidgin's MSN protocol
  handling that may allow attackers to download arbitrary files.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on https://slackware.com for
additional mirror sites near you.

Updated package for Slackware 12.0:

Updated package for Slackware 12.1:

Updated package for Slackware 12.2:

Updated package for Slackware 13.0:

Updated package for Slackware x86_64 13.0:

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:


MD5 signatures:
+-------------+

Slackware 12.0 package:
1d779642ef1728ee115d0159803ffce7  pidgin-2.6.5-i486-1_slack12.0.tgz

Slackware 12.1 package:
24e6a95472e15299f16ad137ca92c568  pidgin-2.6.5-i486-1_slack12.1.tgz

Slackware 12.2 package:
d5186bf297d9647f08e4ff8b8d3496e5  pidgin-2.6.5-i486-1_slack12.2.tgz

Slackware 13.0 package:
b73f234503067324f5a16bc1686d0192  pidgin-2.6.5-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
6ae919fbbfc06731d4b83a9ff65f88a8  pidgin-2.6.5-x86_64-1_slack13.0.txz

Slackware -current package:
da2ea9b466c31521cf3857fc6998cb4c  pidgin-2.6.5-i486-1.txz

Slackware x86_64 -current package:
362a93381a225db704749b4249013731  pidgin-2.6.5-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg pidgin-2.6.5-i486-1_slack13.0.txz


+-----+

Slackware: 2010-024-03: pidgin Security Update

January 25, 2010
New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue

Summary

Here are the details from the Slackware 13.0 ChangeLog: patches/packages/pidgin-2.6.5-i486-1_slack13.0.txz : Upgraded. This fixes a directory traversal vulnerability in Pidgin's MSN protocol handling that may allow attackers to download arbitrary files. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013 (* Security fix *)

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on https://slackware.com for additional mirror sites near you.
Updated package for Slackware 12.0:
Updated package for Slackware 12.1:
Updated package for Slackware 12.2:
Updated package for Slackware 13.0:
Updated package for Slackware x86_64 13.0:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 12.0 package: 1d779642ef1728ee115d0159803ffce7 pidgin-2.6.5-i486-1_slack12.0.tgz
Slackware 12.1 package: 24e6a95472e15299f16ad137ca92c568 pidgin-2.6.5-i486-1_slack12.1.tgz
Slackware 12.2 package: d5186bf297d9647f08e4ff8b8d3496e5 pidgin-2.6.5-i486-1_slack12.2.tgz
Slackware 13.0 package: b73f234503067324f5a16bc1686d0192 pidgin-2.6.5-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 6ae919fbbfc06731d4b83a9ff65f88a8 pidgin-2.6.5-x86_64-1_slack13.0.txz
Slackware -current package: da2ea9b466c31521cf3857fc6998cb4c pidgin-2.6.5-i486-1.txz
Slackware x86_64 -current package: 362a93381a225db704749b4249013731 pidgin-2.6.5-x86_64-1.txz

Severity
[slackware-security] pidgin (SSA:2010-024-03)
New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg pidgin-2.6.5-i486-1_slack13.0.txz

Related News

From Heartbleed to Now: Evolving Threats in OpenSSL and How to Guard Against Them

Nov 17, 2023

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo